Shodan
Vulnerabilities
Vulnerable Software
Nagios:  >> Nagios Xi  Security Vulnerabilities
CVE-2021-3193
Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to execute remote code as the apache user.
CVSS Score
9.8
EPSS Score
0.226
Published
2021-01-26
CVE-2020-35578
An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0. Because the line-ending conversion feature is mishandled during a plugin upload, a remote, authenticated admin user can execute operating-system commands.
CVSS Score
7.2
EPSS Score
0.904
Published
2021-01-13
CVE-2020-27990
Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent).
CVSS Score
5.4
EPSS Score
0.177
Published
2020-11-16
CVE-2020-27991
Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field).
CVSS Score
5.4
EPSS Score
0.177
Published
2020-11-16
CVE-2020-27988
Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username field).
CVSS Score
5.4
EPSS Score
0.566
Published
2020-11-16
CVE-2020-27989
Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard).
CVSS Score
5.4
EPSS Score
0.177
Published
2020-11-16
CVE-2020-28648
Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote code.
CVSS Score
8.8
EPSS Score
0.139
Published
2020-11-16
CVE-2020-5796
Improper preservation of permissions in Nagios XI 5.7.4 allows a local, low-privileged, authenticated user to weaken the permissions of files, resulting in low-privileged users being able to write to and execute arbitrary PHP code with root privileges.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-11-13
CVE-2020-5790
Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.
CVSS Score
6.5
EPSS Score
0.048
Published
2020-10-20
CVE-2020-5791
Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user.
CVSS Score
7.2
EPSS Score
0.913
Published
2020-10-20


Products
Pricing
Contact Us

Shodan ® - All rights reserved